Patch Tuesday: Five critical bulletins, Exchange Server fix expected


Patch Tuesday: Five critical bulletins, Exchange Server fix expected

Moriah Sargent, Contributor

Microsoft will address 11 vulnerabilities this month, fixing flaws in Internet Explorer, Microsoft Office and Microsoft Exchange Server.

Seven Microsoft security bulletins, five critical and two important, will be released in the December 2012 Patch Tuesday update, according to the Patch Tuesday Advance notification

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

issued by the software giant. The updates impact Microsoft Windows, Word, Windows Server and Internet Explorer. All currently supported operating systems are affected, the software giant said.

Bulletins 1 through 5 fix critical remote code execution vulnerabilities. Bulletin 1 requires a restart and affects Internet Explorer (IE) 9 and 10. IE 6, 7 and 8 will also be updated to address this issue.

"This flaw exists in IE 6, 7 and 8, but it's not exploitable in those versions," said Marcus Carey, a security researcher at Boston-based security vendor Rapid7 Inc.

Bulletins 2 and 5 require a restart and affect different versions of Windows XP Service Packs, Windows Server 2003, Windows Vista Service Packs, Windows Server 2008 and Windows 7. Bulletin 2 also addresses issues in Windows 8, Windows Server 2012 and Windows RT.

Bulletin 3 may require a restart to complete the patch. The vulnerabilities addressed in this bulletin affect services packs for Microsoft Word 2003, 2007 and 2010; Microsoft Word Viewer; Microsoft Office Compatibility Pack Service Packs 2 and 3; Word Automation Services; and Microsoft Office Web Apps 2010 Service Pack 1. Bulletin 4 may require a restart and affects Microsoft Exchange Server 2007 Service Pack 3 and Microsoft Exchange Server 2010 Service Packs 1 and 2.

The Exchange Server update should get the most attention, according to Wolfgang Kandek, CTO of Redwood City, Calif.-based Qualys Inc. If the update cannot be applied quickly, patching teams should implement a short term fix, Kandek said.  

The important bulletins, 6 and 7, require a restart. Bulletin 6 addresses vulnerabilities that could allow remote code execution. The affected software are Windows XP Service Packs, Windows Server 2003, Windows Vista Service Packs, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012 . Bulletin 7 addresses a security feature bypass vulnerability in Windows Server 2008 R2 and Windows Server 2012.

The bulletins will be released Tuesday, Dec. 11 at approximately 1 p.m. ET.

The November 2012 Patch Tuesday release focused on issues in Internet Explorer and Windows Kernel. November also included the first patches for Windows 8.